From 538e2f04c290fa0dbafc0280743dcff0e8001c7a Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Fri, 23 Jul 2021 08:12:53 +0200
Subject: [PATCH] firewall: update filterlog reader slightly CARP in IPv4 and IPv6 uses the IP header's "ttl" or "hoplimit" so that we use the same name for reading it to avoid duplication. The values are the same in any case. Change "flowlabel" to "flow" to avoid confusion with "label". Change IP "version" to "ipversion" and consolidate CARP "version(2)" into "version".
---
 .../mvc/app/views/OPNsense/Diagnostics/fw_log.volt | 3 +--
 src/opnsense/scripts/filter/read_log.py | 14 ++++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/opnsense/mvc/app/views/OPNsense/Diagnostics/fw_log.volt b/src/opnsense/mvc/app/views/OPNsense/Diagnostics/fw_log.volt
index b37e357e4..9bac6146f 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Diagnostics/fw_log.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Diagnostics/fw_log.volt
@@ -1,5 +1,4 @@
 {#
- #
 # Copyright (c) 2014-2021 Deciso B.V.
 # All rights reserved.
 #
@@ -255,7 +254,7 @@
 log_td.addClass('address');
 log_td.data('address', record[column_name]);
 if (record[column_name+'port'] !== undefined) {
- if (record['version'] == 6) {
+ if (record['ipversion'] == 6) {
 log_td.text('['+log_td.text()+']:'+record[column_name+'port']);
 } else {
 log_td.text(log_td.text()+':'+record[column_name+'port']);
diff --git a/src/opnsense/scripts/filter/read_log.py b/src/opnsense/scripts/filter/read_log.py
index d21f47183..535fa3a24 100755
--- a/src/opnsense/scripts/filter/read_log.py
+++ b/src/opnsense/scripts/filter/read_log.py
@@ -43,16 +43,18 @@ from params import update_params
 # define log layouts, every endpoint contains all options
 # source : https://github.com/opnsense/ports/blob/master/opnsense/filterlog/files/description.txt
-fields_general = 'rulenr,subrulenr,anchorname,rid,interface,reason,action,dir,version'.split(',')
+fields_general = 'rulenr,subrulenr,anchorname,rid,interface,reason,action,dir,ipversion'.split(',')
+
 fields_ipv4 = fields_general + 'tos,ecn,ttl,id,offset,ipflags,proto,protoname,length,src,dst'.split(',')
 fields_ipv4_udp = fields_ipv4 + 'srcport,dstport,datalen'.split(',')
 fields_ipv4_tcp = fields_ipv4 + 'srcport,dstport,datalen,tcpflags,seq,ack,urp,tcpopts'.split(',')
 fields_ipv4_carp = fields_ipv4 + 'type,ttl,vhid,version,advskew,advbase'.split(',')
-fields_ipv6 = fields_general + 'class,flowlabel,hlim,protoname,proto,payload-length,src,dst'.split(',')
+fields_ipv6 = fields_general + 'class,flow,hoplimit,protoname,proto,length,src,dst'.split(',')
 fields_ipv6_udp = fields_ipv6 + 'srcport,dstport,datalen'.split(',')
 fields_ipv6_tcp = fields_ipv6 + 'srcport,dstport,datalen,tcpflags,seq,ack,urp,tcpopts'.split(',')
-fields_ipv6_carp = fields_ipv6 + 'type,ttl,vhid,version2,advskew,advbase'.split(',')
+fields_ipv6_carp = fields_ipv6 + 'type,hoplimit,vhid,version,advskew,advbase'.split(',')
+
 # define hex digits
 HEX_DIGITS = set("0123456789abcdef")
@@ -138,8 +140,8 @@ if __name__ == '__main__':
 if 'action' not in rule:
 # not a filter log line, skip
 continue
- elif 'version' in rule:
- if rule['version'] == '4':
+ elif 'ipversion' in rule:
+ if rule['ipversion'] == '4':
 update_rule(rule, metadata, rulep, fields_ipv4)
 if 'proto' in rule:
 if rule['proto'] == '17': # UDP
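Review bot: The field lists in the `@@ -43,16 +43,18 @@` hunk rename the keys this reader emits (`version` to `ipversion`, `flowlabel` to `flow`, `hlim` to `hoplimit`, `payload-length` to `length`, and `version2` to `version` in `fields_ipv6_carp`), and `version` now appears only in the CARP lists, so anything still filtering on the old names would silently match nothing or the wrong field rather than raise an error. The patch updates one lookup in fw_log.volt and the two lookups in the `-138` and `-148` hunks; whether saved live-log filters or external parsers of this output rely on the old names is not visible here and is worth checking before release. Separately, `ttl` and `hoplimit` now occur twice in the CARP lists, which the commit message describes as deliberate; a comment above them such as `# CARP repeats the IP header's ttl/hoplimit under the same key; the value is identical` would keep the duplicate from being removed later as an apparent mistake.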
@@ -148,7 +150,7 @@ if __name__ == '__main__':
 update_rule(rule, metadata, rulep, fields_ipv4_tcp)
 elif rule['proto'] == '112': # CARP
 update_rule(rule, metadata, rulep, fields_ipv4_carp)
- elif rule['version'] == '6':
+ elif rule['ipversion'] == '6':
 update_rule(rule, metadata, rulep, fields_ipv6)
 if 'proto' in rule:
 if rule['proto'] == '17': # UDP